ProcessFlags in the KPROCESS

The 32-bit bit fields in union with the ProcessFlags
member of the KPROCESS have
a complicated history that seems better presented separately from the structure.
Notably, new versions bring not just new fields but redefinitions and even changes
of type. The original, for the version 5.2 from Windows Server 2003 SP1, was a straightforward
tidying up that collected what had been three single-byte booleans, but then someone
got exercised about volatility and perhaps someone else later decided it didn’t
matter:

Mask

Definition

Versions

Remarks

0x00000001

LONG AutoAlignment : 1;

late 5.2 only

previously BOOLEAN at 0x64

LONG volatile AutoAlignment : 1;

6.0 to 6.1

LONG AutoAlignment : 1;

6.2 and higher

0x00000002

LONG DisableBoost : 1;

late 5.2 only

previously BOOLEAN at 0x67

LONG volatile DisableBoost : 1;

6.0 to 6.1

LONG DisableBoost : 1;

6.2 and higher

0x00000004

LONG DisableQuantum : 1;

late 5.2 only

previously BOOLEAN at 0x69

LONG volatile DisableQuantum : 1;

6.0 to 6.1

LONG DisableQuantum : 1;

6.2 and higher

Additions started in version 6.1—for the ActiveGroupsMask,
see further below—but are complicated by insertion and deletion. How version 6.2
added one bit as signed and two as unsigned may forever be anyone’s guess.

Mask

Definition

Versions

0x00000008 (6.2 to 6.3)

LONG AffinitySet : 1;

6.2 to 6.3

0x00000010 (6.2 to 6.3);
0x00000008

ULONG DeepFreeze : 1;

6.2 and higher

0x00000020 (6.2 to 6.3);
0x00000010

ULONG TimeVirtualization : 1;

6.2 and higher

0x00000040 (6.3);
0x00000020

ULONG CheckStackExtents : 1;

6.3 and higher

ULONG SpareFlags0 : 2;

10.0 to 1607

0x00000040

ULONG CacheIsolationEnabled : 1;

1803 and higher

0x000000C0 (1703 to 1709);
0x00000380

ULONG PpmPolicy : 2;

1703 to 1709

ULONG PpmPolicy : 3;

1803 and higher

An ActiveGroupsMask is kept as the last of the defined
fields, perhaps so that its processor-dependent width does not affect other fields.
Windows 10 perhaps inserts the SpareFlags0 to align
ActiveGroupMasks while leaving space both before for
more bits and after for more processor groups. All versions have reserved bits at
the end.